Search Results (82823 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-9133 | 1 Aws | 1 Rabbitmq Aws | 2026-05-21 | 7.7 High |
| Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme (arn:aws-debug:file) accepted by the PUT /api/aws/arn/validate validation endpoint might allow remote authenticated users to perform arbitrary file reads on any file accessible to the RabbitMQ process. To remediate this issue, customers should upgrade to version 0.2.1 of rabbitmq-aws. If RabbitMQ is configured to use TLS for connections, we also recommend rotating any associated private certificate keys. | ||||
| CVE-2026-44064 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 7.1 High |
| An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited information or cause a denial of service via a crafted ASP request. | ||||
| CVE-2026-44068 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 7.6 High |
| Incomplete sanitization of extended attribute (EA) path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to write to files outside the intended metadata namespace via crafted EA names. | ||||
| CVE-2026-44062 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 7.5 High |
| A missing output length bounds check in pull_charset_flags() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character set data. | ||||
| CVE-2026-44060 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 7.5 High |
| An integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request. | ||||
| CVE-2026-44052 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 7.5 High |
| Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials. | ||||
| CVE-2026-44049 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 7.5 High |
| An out-of-bounds write due to improper null termination in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character data. | ||||
| CVE-2026-44048 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 8.8 High |
| A stack-based buffer overflow via UCS-2 type confusion in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service. | ||||
| CVE-2026-44047 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 8.8 High |
| An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 through 4.4.2 allows a remote authenticated attacker to obtain unauthorized access to data, modify data, or cause a denial of service. | ||||
| CVE-2026-44051 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 8.1 High |
| An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or overwrite arbitrary files via attacker-controlled symlink creation. | ||||
| CVE-2026-44053 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 7.4 High |
| Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which allows a remote attacker to obtain authentication credentials or impersonate a user via cryptanalytic attack. | ||||
| CVE-2026-44055 | 1 Netatalk | 1 Netatalk | 2026-05-21 | 7.5 High |
| A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS commands and execute arbitrary code. | ||||
| CVE-2023-4664 | 1 Adobe | 1 Connect | 2026-05-21 | 8.8 High |
| Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9. | ||||
| CVE-2023-4665 | 1 Adobe | 1 Connect | 2026-05-21 | 8.8 High |
| Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9. | ||||
| CVE-2026-40092 | 1 Nimiq | 1 Core-rs-albatross | 2026-05-21 | 7.5 High |
| nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record. The maliciously crafted record would contain a TaggedSigned<ValidatorRecord, KeyPair> with a signature field whose byte length is not exactly 64 in order to cause a crash. When the victim node's DHT verifier calls TaggedSigned::verify, execution reaches Ed25519Signature::from_bytes(sig).unwrap() in the TaggedPublicKey implementation for Ed25519PublicKey. The from_bytes call fails because ed25519_zebra::Signature::try_from rejects slices not 64 bytes, and the unwrap() panics. The BLS TaggedPublicKey implementation correctly returns false on error; only the Ed25519 implementation panics. This issue has been fixed in version 1.4.0. | ||||
| CVE-2026-9157 | 1 Gmission | 1 Web Fax | 2026-05-21 | 8.4 High |
| Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion. This issue affects Web Fax: from 3.0 before 3.1. | ||||
| CVE-2026-39047 | 1 Epson | 1 L14150 | 2026-05-21 | 7.5 High |
| Buffer Overflow vulnerability in EPSON L14150 FL27PB allows a remote attacker to execute arbitrary code via the RAW Printing Service (JetDirect) on TCP port 9100. | ||||
| CVE-2026-44926 | 1 Veritas | 1 Infoscale | 2026-05-21 | 8.8 High |
| InfoScale CmdServer before 7.4.2 mishandles access control. | ||||
| CVE-2026-0856 | 1 Mesalvo | 2 Meona Client Launcher Component, Meona Server Component | 2026-05-21 | 7.8 High |
| Improper Access Control vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables a normal user to gain access to the admin panel. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020. | ||||
| CVE-2026-22315 | 1 Mesalvo | 2 Meona Client Launcher Component, Meona Server Component | 2026-05-21 | 7.2 High |
| Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export of user data, including cleartext passwords, via the SQL editor. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020. | ||||